CyberWire Daily

A wake-up call on frontier AI.

29 min
Apr 29, 2026
Summary

The episode covers urgent cybersecurity threats including classified briefings on frontier AI risks to critical infrastructure, a Treasury Department data breach involving a DOGE employee, and emerging attack patterns where threat actors use legitimate credentials to move laterally through networks. Guest Chris Beam from Zero Networks discusses microsegmentation and zero-trust strategies to minimize blast radius from compromised accounts.

Insights
  • Frontier AI models pose significant cyber threats; OpenAI and Anthropic briefed Congress on GPT-5.4 and Mythos capabilities, signaling regulatory urgency around AI-enabled attacks
  • Attack speed has accelerated dramatically—average time from compromise to lateral movement is now under one minute, making traditional prevention-only strategies insufficient
  • Legitimate credential compromise is now the primary attack vector, not zero-days or malware payloads; organizations must shift from perimeter defense to continuous verification
  • State and local government cybersecurity confidence has collapsed (26% highly confident vs. 48% in 2022), creating cascading risk across shared infrastructure
  • Neurodivergent cybersecurity professionals report lower workplace support and higher burnout despite strong engagement, indicating retention risk in an already constrained workforce
Trends
  • Regulatory enforcement of zero-trust principles through compliance mandates (HIPAA, PCI-DSS, AI regulations) rather than voluntary adoption
  • AI-assisted legal filings surge 158% in motion volume, lowering barriers to court access but straining judicial systems with AI-generated paperwork
  • Mandatory identity verification proposals gaining traction globally (Greece case study) to combat anonymous harassment and coordinated abuse
  • Ransomware evolution: VECT 2.0 contains encryption flaws causing permanent data loss, reducing ransom negotiation leverage and increasing operational risk
  • Government-industry tension over AI access for defense; White House considering executive action to ease restrictions on Anthropic's Mythos model for federal agencies
  • Overprivilege accumulation remains endemic; identity security posture management tools emerging to audit and remediate excessive access rights
  • Youth-driven intrusion groups (Scattered Spider) operating at scale with sophisticated social engineering; 19-year-old arrested after participating in attacks since age 16
  • Service account and AI account hardening becoming critical; organizations struggle to balance security enforcement with business velocity
Companies
OpenAI
Delivered classified briefing to House Homeland Security on GPT-5.4 cyber capabilities and risks to critical infrastr...
Anthropic
Briefed Congress on unreleased Mythos preview model; White House considering executive action to expand government ac...
Zero Networks
Microsegmentation and zero-trust platform; guest Chris Beam discussed automated hardening and lateral movement preven...
Microsoft
Referenced in discussion of overprivileged developer accounts requesting full administrative access
Check Point
Security research firm that identified VECT 2.0 ransomware encryption flaw causing permanent data loss
Akamai
Identified Windows vulnerability enabling credential theft through LNK file exploitation; CISA set May 12 remediation...
NSA
Already using Anthropic's Mythos model for defensive AI capabilities despite ongoing legal disputes over military res...
CISA
Ordered federal agencies to patch Windows vulnerability; added bug to known exploited vulnerabilities catalog
Rapid7
Sponsor offering free two-day Global Cybersecurity Summit on May 12-13 focused on exposure management and preemptive ...
ThreatLocker
Zero-trust enforcement platform using default-deny execution, allow-listing, and ring-fencing to prevent ransomware a...
GuardSquare
Mobile application security provider protecting Android and iOS apps against increasing threat levels
Spotify
Example of third-party application using Gemini AI backend, creating unknown security hardening concerns for enterpri...
Treasury Department
GAO report found DOGE employee granted improper access to sensitive federal payment systems including tax refunds and...
ISC2
Conducted workforce study of 16,000+ cybersecurity professionals revealing neurodivergent inclusion gaps and burnout ...
People
Chris Beam
Guest discussing microsegmentation automation, lateral movement prevention, and balancing security enforcement with b...
Dave Bittner
Host conducting interview with Chris Beam and presenting daily cybersecurity briefing
Peter Stokes
19-year-old dual U.S.-Estonian national arrested in Finland for participating in corporate intrusions via help desk s...
Dimitri Papastergio
Advancing proposal requiring identity verification for social media users to reduce anonymous harassment and coordina...
Anand Shah
Co-authored study finding self-represented federal court filings rose from 11% to 16.8% due to AI-assisted legal docu...
Joshua Levy
Co-authored study on AI-assisted legal filings showing 158% increase in motions and docket activity since 2022
Quotes
"The average attack speed is under a minute now. It's insane how fast things are moving after they get in the environment."
Chris Beam, ~18:00
"The real thing that's happening that we're seeing is people are gaining access through your legitimate users. It's not because they went in and just hacked through a back door."
Chris Beam, ~20:30
"What happens if I use Dave's user account, and you have access to everything in your environment, you're an administrator, then all of a sudden I have access to everything as a hacker."
Chris Beam, ~22:00
"We can hit full segmentation within a year. I can prove it. I have full control and visibility. These are Fortune 2,000 companies hitting these one-year goal lines."
Chris Beam, ~42:00
"Lower barriers to filing may expand access to justice, but also risk slowing already strained courts as judges process more AI-assisted paperwork."
Dave Bittner, ~50:30
Full Transcript
You're listening to the CyberWire Network, powered by N2K.
Today's sponsor, Rapid7, has an irresistible invitation for you CISOs and security practitioners out there. A free two-day virtual summit. The subject? Preemptive Security. Join the Global Cybersecurity Summit on May 12th and 13th from wherever you like. A-list speakers will show you how organizations are disrupting attacks before they can blowtorch your day. You'll see how exposure management, MDR, and AI together let you make the decisive move. Registration is open at rapid7.brighttalk.com. Thank you.
Neurodivergent cyber pros cite inclusion gaps. Police arrest a 19-year-old alleged Scattered Spider member. Our guest is Chris Boehm, Zero Networks' field chief technology officer, on minimizing your blast radius. And AI lowers the bar and lengthens the line in the courtroom. It's Wednesday, April 29th, 2026. I'm Dave Bittner, and this is your CyberWire Intel Briefing. Thanks for joining us here today. It's great, as always, to have you with us.
OpenAI and Anthropic delivered classified briefings to House Homeland Security Committee staff on cyber-capable frontier AI models and risks to critical infrastructure sectors. According to Axios, the companies outlined security implications of new systems, including Anthropic's unreleased Mythos preview model and OpenAI's tiered rollout of GPT-5.4 cyber. Officials also discussed China's alleged industrial-scale efforts to copy U.S. models and risks from jailbroken systems that bypass safeguards. Lawmakers described demonstrations of misuse scenarios as alarming.
Early congressional exposure to offensive cyber capabilities in AI models signals growing urgency around regulation, infrastructure protection, and government access to defensive AI tools as adversary competition intensifies.
Meanwhile, the White House is considering executive action that could ease tensions with Anthropic and expand government access to its cyber-capable Mythos model. Officials are consulting industry on guidance that could soften restrictions tied to a Pentagon supply chain risk designation. Agencies, including the NSA, are already using Mythos as legal disputes continue over Anthropic's limits on military applications. Resolving the dispute could shape federal access to advanced defensive AI tools as agencies weigh operational needs against restrictions on surveillance and autonomous weapons use.
A Government Accountability Office report finds Treasury granted a DOGE employee improper access to sensitive federal payment systems, including data tied to tax refunds and benefits. According to Federal News Network and GAO, the staffer could view, copy, and print Bureau of Fiscal Service payment data in early 2025 and was briefly able to modify or delete records before access was revoked. GAO also found the employee shared an unencrypted file containing USAID payment details without approval. Treasury's monitoring tools failed to stop the transmission, and required security procedures were not followed. The findings highlight gaps in safeguards protecting large federal payment data sets and suggest broader oversight risks as DOGE seeks access across agencies, with watchdogs warning current reporting may represent only preliminary findings.
Greece is advancing a proposal to require identity verification for social media users, aiming to reduce anonymous harassment, misinformation, and coordinated online abuse.
Digital Governance Minister Dimitri Papastergio told Euractiv the plan is under review within the Prime Minister's office ahead of the 2027 national elections. Officials say anonymity enables threats, hate speech, and fake accounts promoting political figures. The proposal would not eliminate pseudonyms but would require platforms to confirm each account corresponds to a real person. Implementation details remain unclear. Mandatory identity verification could reshape platform accountability requirements and online speech enforcement while raising technical and legal questions about privacy, platform compliance, and potential EU-level coordination.
CISA has ordered federal agencies to patch a Windows vulnerability after evidence of active exploitation and zero-day attacks. According to Akamai, the flaw stems from an incomplete fix to a prior remote code execution issue and enables credential theft through auto-parsed shortcut or LNK files. CISA added the bug to its known exploited vulnerabilities catalog and set a May 12 remediation deadline.
Researchers warn the VECT 2.0 ransomware contains a flaw that permanently destroys large files instead of encrypting them for recovery after payment. According to Check Point, the malware mishandles encrypted nonces, unique values used during encryption, by overwriting them during chunk processing. Only the final portion of affected files remains recoverable, while earlier sections cannot be decrypted even by attackers. The issue affects Windows, Linux, and ESXi variants. VECT operators also promoted partnerships targeting victims of recent supply chain compromises linked to Team PCP activity. Organizations hit by VECT 2.0 may face irreversible data loss rather than recoverable ransomware encryption, increasing operational risk and reducing the value of ransom negotiations.
A new survey from the National Association of Chief Information Officers and Deloitte finds state chief information security officers report sharply lower confidence in protecting public sector systems from cyber threats. According to the 2026 biennial study, only 26% of state CISOs said they're highly confident in safeguarding information assets, down from 48% in 2022. Confidence in local governments and public universities dropped further, while 94% of CISOs now help shape generative AI security policies and 16% report budget cuts. Nearly half identified cybersecurity effectiveness metrics as their top initiative. Shared infrastructure across state and local agencies increases cascade risk from a single compromise, while AI-enabled attack techniques are raising pressure for coordinated whole-of-state defenses.
An ISC2 workforce study finds neurodivergent cybersecurity professionals remain engaged in the field but report lower workplace support and higher fatigue than their peers. According to the ISC2 Cybersecurity Workforce Study of more than 16,000 respondents, 12% identified as neurodivergent, 67% reported job satisfaction slightly below non-neurodivergent peers, and only 64% said they feel valued at work. Respondents were less likely to hold management roles and more likely to report exhaustion from keeping pace with evolving threats and technologies. Inclusion gaps and workload pressures may affect retention across an already constrained cyber workforce, while flexible work arrangements, recognition, and clearer career pathways appear linked to stronger engagement and long-term participation in the profession.
Authorities have arrested a 19-year-old dual U.S. and Estonian national accused of participating in Scattered Spider intrusions targeting major corporations for ransom. According to court records obtained by the Chicago Tribune, Peter Stokes, known online as Bouquet, was detained in Finland while attempting to board a flight to Japan.
Prosecutors allege he helped infiltrate corporate networks through help desk social engineering and credential resets, including a 2025 breach of a luxury retailer where attackers claimed to steal 100 gigabytes of data and demanded $8 million. Officials say he participated in multiple attacks dating back to age 16. The case underscores the continued operational impact of loosely organized youth-driven intrusion groups targeting enterprise authentication workflows.
Coming up after the break, my conversation with Chris Beam, Zero Networks' Field Chief Technology Officer. We're discussing minimizing your blast radius. And AI lowers the bar and lengthens the line in the courtroom. Stay with us.
Most environments trust far more than they should, and attackers know it. ThreatLocker solves that by enforcing default deny at the point of execution. With ThreatLocker allow listing, you stop unknown executables cold. With ring fencing, you control how trusted applications behave. And with ThreatLocker DAC, defense against configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet compliance standards. ThreatLocker is the simplest way to enforce zero-trust principles without the operational pain. It's powerful protection that gives CISOs real visibility, real control, and real peace of mind. ThreatLocker makes zero-trust attainable, even for small security teams. See why thousands of organizations choose ThreatLocker to minimize alert fatigue, stop ransomware at the source, and regain control over their environments. Schedule your demo at ThreatLocker.com slash N2K today.
When it comes to mobile application security, good enough is a risk. A recent survey shows that 72% of organizations reported at least one mobile application security incident last year, and 92% of responders reported threat levels have increased in the past two years.
GuardSquare delivers the highest level of security for your mobile apps without compromising performance, time to market, or user experience. Discover how GuardSquare provides industry-leading security for your Android and iOS apps at www.guardsquare.com.
Chris Beam is Zero Networks' Field Chief Technology Officer. I recently caught up with him to learn how to minimize your blast radius.
When it comes to cyber criminals adjusting to how they're working on gaining a foothold and then blasting out, it's being done slightly differently. This is not new. Like they've done living off the land. That's why the terminology is there. The fear is full control and then how long they're there. I can talk with multiple different industries and each one has its own fear. One is the business resilience, making sure we're still running. The other one is, I have very sensitive information. I don't want that to be shared out. So there's different levels of scarcity, but it's all the same challenge. How do we prevent attackers from moving around? And that's really the fear. And how that's being elevated is there's multiple new technologies out there for hackers to leverage, including the AI, to move a lot faster. And even, I think it was CrowdStrike, a couple of weeks ago, they said the average attack speed is under a minute now. Like, it's insane. It's insane how fast things are moving after they get in the environment.
Yeah. I know you've pointed out that some of these threat actors are blending their activities, making them look more like legit behavior. Can you dig into that for us a little bit? What's going on there?
Yeah, the main shift there is a lot of people have the fear of zero-day vulnerabilities or someone downloading a malicious payload and then gaining access. The real thing that's happening that we're seeing is people are gaining access through your legitimate users.
And this is, you can think, I can think of a few public-sized news articles that have happened on big companies recently. It's not because they went in and they just hacked through a back door. They actually gain access using your credentials and then gaining access to your environment. And most people aren't prepared for that. Because what happens if I use, Dave, your user account, and you have access to everything in your environment, you're an administrator, then all of a sudden I have access to everything as a hacker. And that's where the fear happens, and that's where the problem is really occurring right now. Because the tools out there are pretty good to prevent, but what happens if it's not a prevention and it's legitimate? That's the real challenge.
So what are your recommendations then for folks to deal with this?
The way it's being focused in the market today is leveraging the zero trust mindset: you know, least privilege access, re-evaluating, and making sure you're hitting the proper roadmap of understanding, do you belong here, and are you who you say you are? As someone that's looking into this market and they're not on that journey just yet, consider yourself in the position like I just mentioned. Could someone who had access to your system administrative account, how far could they go, and what did they do, and how do you prevent that from happening? The conversations I hear typically shift in, oh, I have bubbles and I have security measures in place. Again, they're acting as if they are you. So the security measure is just in place to get you to the, you know, the machine itself, or is it across your whole environment? And usually it's preventing and isolating that machine access initially, you know, going through your identity credentials, getting access appropriately, and then you're like, okay, you're good to go, you can do what you need to do. We don't want to hurt business. But that's where attackers are taking advantage of that today.
How do you go about balancing the need to protect the organization against the desire to not slow down your users?
I think there is a fine balance there. The challenge you run into is how do you make it frictionless while providing the most enforcement, just like you mentioned. And our approach at Zero Networks is we took it as a let's harden in on those administrative actions, things that actually make a difference, but your normal standard users won't even notice what we're doing in the backend. So it feels frictionless as a business. The challenge it starts getting into is what about service accounts and overprivileged accounts? There's AI accounts. There's other things that are happening that you're like, well, now we need to harden and learn that. And that's the approach we're taking on. How can we identify a service account, harden it to what it needs to do based on learning and don't hurt business? So we have to take a second day approach. Let's just say we know what that account's doing. We have an idea, we lock it down. And then we learn naturally right afterwards, hey, you've made a change, your developer or whoever, now they're trying to access this. And we try to make that as fluid as possible to make the business move as fast as possible while staying secure. So there is a fine balance and that's why it's so hard in this space. Microsegmentation is not new technology. It's been around for 20 years or well, I think 20 years this year actually. So the fact that you're able to fully automate all the hard work of knowing what's going on in your environment, that's why we had to learn and provide an automated tool versus something that's, hey, here's a tool that you can do micro segmentation. And that's how it's been in this industry for the past 20 years.
You mentioned a user being overprivileged.
And I hear about that pretty often where, you know, it seems like people just through the natural course of business, they build up privileges along the way, but those never get revoked. How do you make that automatic? And again, not get in the way of them accessing the things they need to access.
Yeah, I don't know of any industry that doesn't have a little bit of overprivileged unless they have a very stickler of an identity security routine. What I mean by that is you're right. It's very common. That's why certain tools like identity security posture management has been spinning up. If you're familiar with that tool line, they're encouraging, hey, this is bad behavior, you should go toward this. It's kind of like the cloud posture management security solutions as well. This machine is too open to the web, so on and so forth. So the approach is now we can educate our users. Well, it doesn't matter because we might need this account the way it is. And the other problem is not everyone even knows what they need. When I was working at one of my former companies, if you look at my tenure, I worked at Microsoft, it was not uncommon for a developer to say, I just need full God mode. And you challenge them back and you're like, wait, wait, wait, why do you need God mode? Why do you need access to everything in this tenant? Well, it's just, it's easier. That's the answer. They had their own deadlines. They had their own commitments. So you had these power horses that make pretty good money that's working on new technology. And they're like, it doesn't matter. I just need to get this running and working. And I don't want to figure out all the controls in place. So they take it as a business operation and speed versus, hey, this is what you really need and this is the limit of access. I think that's why it's such a problem. It's not going very, very easily, because by default, we almost encourage you to just have admin God mode versus you only need this.
Unless your business practices that might send.
So how has AI affected the types of things that you all do?
It's been drastic. So AI hasn't influenced our product. We actually have taken more of a hands-off AI approach. We want to know real facts. If we started doing AI in our business, then we would have the fear of taking down businesses. So instead, we've done, we know what's happened, we know what's communicating, and we can provide hardening through your environment. That's the approach we have done at Zero Networks. AI is more of a guiding tool like searching logs. That's the approach we've taken here. Now, have we seen AI being used by our customers? That's a different conversation. For example, they don't know fully what's happening in their environment. They don't know what service accounts and privileged accounts are communicating with AI if it's an internal LLM, for example. Or the other approach is I don't know what is using AI. And they want to have AI hardening. For another instance, I'm not hitting on anybody, but let's just say Spotify is running on your machine. If you're familiar with Spotify, since that's a pretty public and common use application, it uses Gemini in the back end. Well, maybe I don't want to have any Gemini access into my assets. There's other tools that are leveraging AI. And that's another concern. Like, I don't even know what is being spread around. I'm just improving a tool because I want a business to keep running. So there's a different level of approach that we're seeing AI use by customers, and we can see the insights of this communication based on our tool for hardening purposes.
Where do you suppose we're headed here? As you look toward the future, what sorts of things do you imagine we'll have in place?
To be clear, like on AI, on Zero Networks itself, zero trust.
Yeah, I'd say more on Zero Networks than zero trust, yeah.
Right now, it's been mostly around the fact that as a company, I have had this pain, and I'm solving this pain by going in this direction. That is how it's mostly been in the industry when it comes to why I might look at micro-segmentation and then isolation. Now, what's interesting is multiple regulations are now, just now, starting to enforce audit visibility and control, proving who you are, who you say you are in regulations. I mean, HIPAA has a new one coming out right now. They want more audit visibility and control. It's in the pending phase. We have new AI regulations coming out. They want to know accountability of what's in actions and how it's being managed. We have more enforcements that are pushing toward that zero trust mindset versus it's a goal and a mission, like, hey, I, as a CSO, want to push my company into a zero trust. So I think, as a future, not just for Zero Networks but as an industry, we're almost enforcing and pushing people: if you want to be PCI compliant with this in the new modern age, then you need to have more levels of enforcement, validation and control. And it's not just the regulators that are pushing this. It's actually even cyber insurance and other parts of the business because they're seeing too much risk here. So they want to limit that risk. So I would say that's probably where things are going to be shifting the next few years. And AI is a big part of it as well.
And I suppose, I mean, is it fair to say that part of the journey that people take with folks like you who are in that business is to be not just doing your checkbox regulatory compliance, but really seeing it all the way through to its full potential.
Yeah. Yeah. Specifically with us, I would agree that's very true. There's always a checkbox companies that they're moving too fast or they can't keep up with the momentum of the market. I get that. But when I'm working with customers, it's a board level one-year initiative.
Like they're like, we can hit full segmentation within a year. And that's huge. I can prove it. I have full control and visibility and I'm talking Fortune, let's just say 2,000 companies. These are big companies that are hitting these one-year goal lines. That's something that most companies could have ever dreamed of in the past. They would have had a multi-year journey. They would have said, hey, we're working toward this. We're pushing through this dream of having least privilege access and control within our environment and while we're moving into cloud and we're learning and leveraging LLMs in our environment. So it's just a very different approach, and that's where we're getting a lot of success, I should say, within the market, is because we can deliver in a very short period of time while actually delivering fully what we're saying we're trying to do.
That's Chris Beam, Zero Networks' Field Chief Technology Officer.
And now a word from our sponsor, the Center for Cyber Health and Hazard Strategies, also known as CHHS. Looking for a graduate degree that will give you an edge on your professional career? Earn a Master of Science in Law at University of Maryland Carey School of Law. This part-time two-year online graduate degree program is designed for experienced professionals to understand laws and policies that impact your industry. Learn from CHHS faculty who are experts in their field. No GRE required. Learn how you can master the law without a JD at law.umaryland.edu.
And finally, Abraham Lincoln is often credited with the observation that he who represents himself in court has a fool for a client. In 2026, he might have added, and possibly a chatbot for co-counsel. A new study finds self-represented federal court filings have risen sharply since generative AI tools made it easier to draft complaints, motions, and other legal paperwork, shifting both who shows up in court and how much work they bring with them.
According to researchers Anand Shah and Joshua Levy, pro se filings held steady at about 11% of civil cases until 2022, then climbed to 16.8% by 2025. The study reviewed 4.5 million cases and found these filings now include 158% more motions and docket activity. Researchers say plaintiffs, not defendants, are driving the increase, suggesting AI is helping people initiate complaints rather than respond to them. Lower barriers to filing may expand access to justice, but also risk slowing already strained courts as judges process more AI-assisted paperwork, some of it enthusiastic, some of it templated, and all of it still requiring human review.
And that's The CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire at n2k.com.
N2K's lead producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliot Heltzman. Our contributing host is Maria Vermazis. Our executive producer is Jennifer Iben. Peter Kilpie is our publisher. And I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.